Goal
A standalone CPAN distribution -- GDPR::IAB::TCFv1 -- that parses the legacy IAB TCF v1 / v1.1 consent string format (April 2018 -- August 2020, superseded by TCF v2.0).
Why a separate dist
The TCF v1 wire format and the TCF v2 wire format share nothing but the acronym:
- Different bit layout, different field offsets.
- No segment structure (v1 is a single base64url-encoded blob; v2 has core + optional disclosed-vendors / allowed-vendors / publisher-tc segments separated by
.).
- Smaller fixed core.
- Different purpose taxonomy and a much smaller GVL.
Adding a v1 code path inside GDPR::IAB::TCFv2 would mean carrying dead-spec logic and conditional branches for users who do not need it. Splitting v1 out keeps both distributions lean.
Audience (intentionally narrow)
- Log spelunkers reconstructing what consent meant in 2019.
- Audit / compliance teams reviewing historical opt-in records.
- Researchers and the historically curious.
This is not a hot-path runtime dependency in 2026 -- nobody is emitting v1 strings anymore. Treat it as a small, archival utility, not a peer to TCFv2.
Suggested API
Mirror the surface of GDPR::IAB::TCFv2 where it makes sense, drop what does not apply:
GDPR::IAB::TCFv1->Parse($tc_v1_string) -- decode and validate the version byte (must be 1); return a parsed object.version, created, last_updated, cmp_id, cmp_version, consent_screen, consent_language, vendor_list_version accessors.is_purpose_allowed($purpose_id) -- v1's PurposesAllowed is a flat 24-bit field; no LI / consent split, no flexible purposes.is_vendor_allowed($vendor_id) -- handles both bitfield and range encodings via the v1 IsRangeEncoding flag.TO_JSON -- mirror GDPR::IAB::TCFv2's shape so audit scripts can switch versions cheaply.
Skip everything that does not exist in v1: validator pipeline, CMP validator, publisher restrictions, special features, disclosed-/allowed-vendors segments.
Definition of done
- New distribution
GDPR-IAB-TCFv1 published to CPAN with its own test corpus of real-world v1 strings.
- Mirrors
GDPR::IAB::TCFv2's Parse / TO_JSON / predicate idiom where the spec overlap allows.
- Cross-link from this dist's
TODO.pod ecosystem section to the new dist.
See TODO.pod -- ECOSYSTEM -- SISTER DISTRIBUTIONS / Nice to have / GDPR::IAB::TCFv1 for context.
Goal
A standalone CPAN distribution --
GDPR::IAB::TCFv1-- that parses the legacy IAB TCF v1 / v1.1 consent string format (April 2018 -- August 2020, superseded by TCF v2.0).Why a separate dist
The TCF v1 wire format and the TCF v2 wire format share nothing but the acronym:
.).Adding a v1 code path inside
GDPR::IAB::TCFv2would mean carrying dead-spec logic and conditional branches for users who do not need it. Splitting v1 out keeps both distributions lean.Audience (intentionally narrow)
This is not a hot-path runtime dependency in 2026 -- nobody is emitting v1 strings anymore. Treat it as a small, archival utility, not a peer to TCFv2.
Suggested API
Mirror the surface of
GDPR::IAB::TCFv2where it makes sense, drop what does not apply:GDPR::IAB::TCFv1->Parse($tc_v1_string)-- decode and validate the version byte (must be1); return a parsed object.version,created,last_updated,cmp_id,cmp_version,consent_screen,consent_language,vendor_list_versionaccessors.is_purpose_allowed($purpose_id)-- v1'sPurposesAllowedis a flat 24-bit field; no LI / consent split, no flexible purposes.is_vendor_allowed($vendor_id)-- handles both bitfield and range encodings via the v1IsRangeEncodingflag.TO_JSON-- mirrorGDPR::IAB::TCFv2's shape so audit scripts can switch versions cheaply.Skip everything that does not exist in v1: validator pipeline, CMP validator, publisher restrictions, special features, disclosed-/allowed-vendors segments.
Definition of done
GDPR-IAB-TCFv1published to CPAN with its own test corpus of real-world v1 strings.GDPR::IAB::TCFv2'sParse/TO_JSON/ predicate idiom where the spec overlap allows.TODO.podecosystem section to the new dist.See
TODO.pod--ECOSYSTEM -- SISTER DISTRIBUTIONS / Nice to have / GDPR::IAB::TCFv1for context.